I have a use case that sometimes requires my app to use the Resource Owner Password OAuth flow. I’ve setup all of the necessary pieces in my OktaDev account and can successfully retrieve a token response using Postman. When I try and make the same API call from my application I receive this error message in the Okta response “Browser requests to the token endpoint must use Proof Key for Code Exchange”.
@sdunning
Can you pls check if this article helps?
https://support.okta.com/help/s/article/Browser-requests-to-the-token-endpoint-must-use-Proof-Key-for-Code-Exchange?language=en_US
Thanks. It helps insomuch as it tells me that I cannot make this specific /token call from the browser application and that I will have to create an end-point in my back-end server to proxy the request to Okta. Bummer, it means that it will require more work to accomplish what I need to do.
I haven’t looked through the Okta source code yet but curious if you know how the Okta Angular service accomplishes getting the access token without calling /token?
Never-mind, I realize the other flows have different sequences of information exchange with the client.
Ok. Sounds great. Yup, you can try other flows.